Tuesday, September 10, 2002

Internet Crime Reporting Cybercrime.gov was one of the billions of federal websites that I had never visited.  It has a table of how to report on a multitude of cyber crimes, everything from computer intrusion to copyright piracy.  In Utah, these crimes can all be reported through the Utah Cybercrime Task Force by sending an e-mail to cybercrime@utah.gov.  Newsfactor has a daily cybercrimes report. 9:56:10 AM

New NIST Security Documents NIST has just released several new security documents with standards for federal agencies.  I would suggest that state agencies pay attention to some of the NIST recommendations as well. Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme  Security Guide for Interconnecting Information Technology Systems Security for Telecommuting and Broadband Communications  Procedures for Handling Security Patches NIST also maintains the ICAT database, which is a searchable index of computer vulnerabilities.  The document on handling security patches suggests the creation of a patch and vulnerability group (PVG).  Looks like a good idea.  This group would be responsible for (among other things): Creating an organizational hardware and software inventory Identifying newly discovered vulnerabilities and security patches Prioritizing patch application Creating an organization-specific patch database Testing patches for functionality and security (to the degree that resources allow) Distributing patch and vulnerability information to local administrators Verifying patch installation through network and host vulnerability scanning Training system administrators in the use of vulnerability databases Deploying patches automatically (when applicable) Configure Automatic Update of Applications (when applicable). 9:29:43 AM

© Copyright 2002 David Fletcher.